Security Specialist

Introduction
At IBM, work is more than a job - it's a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you've never thought possible. Are you ready to lead in this new era of technology and solve some of the world's most challenging problems? If so, lets talk.

Your Role and Responsibilities

IBM Technology Zone operates a global Hybrid Cloud infrastructure inclusive of IBM Cloud, AWS, Azure, Power, Z, VMWare, and KVM. The Security Specialist is to work with the Security & Compliance lead to ensure scalable security architectures across these platforms and compliance commitments are reflected in the corresponding roadmaps. Additionally, compliance risks and audit findings are completed within the planned timeframes, and identified compliance issues are properly risk assessed with an action plan to close. The Security Specialist in our team will participate in some or all of the following:

• Review, document, and iterate on cloud security models to ensure scalable and secure access to our Hybrid Cloud infrastructure.

• Collaborating with infrastructure architects and technical security teams to define and implement security processes and procedures based on industry-standard best practices and compliance requirements. Defining the requirements and validating the procedures and audit testing methodology

• Conducting regularly reviews on compliance progression of systems and hosting internal and third-party audits as required in order to maintain certifications and compliance certificates.

• Working with the Development teams to ensure automation of evidence collection and evidence management is in line with compliance expectations at all times, and when this is not the case, identifies specific actions and owners to meet the expectations.

• Assisting team members in addressing highly complex security issues applicable to enterprise environment.

• Mitigate CISR exceptions pursuant to established CIO policies.

Successful security Compliance leader will possess the following skills or knowledge:

• Ability to leverage and extend existing security reference architecture to include detailed security models for IBM Cloud, AWS, Azure, & VMWare environments.

• Ability to leverage and extend existing security reference architecture to include front-end and back-end components at the application level.

• Experience working with application and cloud SMEs to document security models.

• Experience with public cloud security models, i.e., access policies, resource groups, IAM, LDAP, etc.

• Ability to utilize project management principles to properly scope compliance work efforts by service lines, identify common areas of work, and create a measurable milestone plans across service lines to enable completion of compliance work items on time.

• Experience with compliance programs such as FFIEC or FedRAMP/ FISMA, GDPR, SOC 2, PCI, NIST, ISO, or ITAR.

• Experience in risk assessment processes, service delivery operations, and software development.

• Ability to understand enterprise business computing operations/requirements, and in particular, public cloud and communicate to service lines what is expected in order to consider a work item complete.

• Ability to stand firm on issues yet be flexible and creative when working with stakeholders to find effective solutions.

Required Technical and Professional Expertise

• Extensive experience in complex cross organization project management with emphasis on identifying and managing risk, setting measurable goals, identifying dependencies, defining critical paths and communicating with senior executives, auditors, and internal technical leads.

• Experience working with data center and/or cloud infrastructure.

• Experience with operations of data centers and cloud-based infrastructures, networking security including firewalls, intrusion detection, vulnerability scanning, and OS patching.

• Executive communications, effective problem management, and working under timeline pressure.

Preferred Technical and Professional Expertise

• Experience with DevOps concepts, tooling and software development.

• Knowledge of ITSS or ISEC security policies.

• Knowledge of IBM Security Tooling (e.g., AccessHub, IBM Inventory, MAD, Crowdstrike, Cognos Reporting).

• Knowledge of Industry Security & Privacy Regulations (e.g., ISO, SOC2, HIPAA, PCI, FFIEC, GDPR).